Re: [AusNOG] Weird Cisco SSLVPN issues from what appears to be from Telstra 4G users
On Fri, Jun 28, 2019 at 10:59 AM Beeson, Ayden wrote: > > We are a Telstra 4G / Anyconnect SSL VPN shop and I haven't heard of any > complaints for this issue. Are you using Anyconnect, or just using the > clientless VPN? > > Are they 100% using the 4G connection and not accidentally on hotel / public > Wi-Fi that might have a captive portal on it? I didn't think Anyconnect even > had a portal detection feature, I've never seen one on any versions I have > run. https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/118086-technote-anyconnect-00.html > There might be a portal check feature if it does have one that is failing to > reach your ASA/VPN termination gear, even though the actual connection is > fine. I'm not aware of specifics around a mechanism if one exists so that’s > speculation at best, but maybe ICMP reachability etc? https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/118086-technote-anyconnect-00.html#anc9 As per doc, Anyconnect report the captive portal if after HTTPS certificate failure it gets unexpected HTTP code from the server. > > On 26/6/19, 1:18 pm, "AusNOG on behalf of Drikus Brits" > wrote: > > Howdy, > > Have anybody else picked up weird issues regarding SSLVPN connections. > We've had a bunch of customers complaining about getting popups > claiming that the user is behind a captive portal and needs to > authenticate/resolve connectivity issues first before the SSLVPN > software can connect. > > a bit spread thing trying to locate the exact reason, but seems it is > very erratic with customers scattered. > > cheers, > > Drikus > Brennan IT > ___ > AusNOG mailing list > AusNOG@lists.ausnog.net > http://lists.ausnog.net/mailman/listinfo/ausnog > > > ___________ > AusNOG mailing list > AusNOG@lists.ausnog.net > http://lists.ausnog.net/mailman/listinfo/ausnog -- SY, Jen Linkova aka Furry ___ AusNOG mailing list AusNOG@lists.ausnog.net http://lists.ausnog.net/mailman/listinfo/ausnog
Re: [AusNOG] High Latency to AS15169
Folks, There is no guarantee that latency to particular service stays in any pre-defined range (while, indeed, the goal is to keep it as low as possible). There are numerous legitimate reasons for temporary latency increase. It would come back to usual value eventually. The corresponding team is well aware of the fact that currently AU might experience higher than usual latency and working on minimizing the impact (and customers unhappiness ;)) and making such latency increases happening less often. However it's not always possible to totally avoid them. On Fri, Oct 5, 2018 at 10:46 AM Paul Gear wrote: > > This seems to be re-breaking on a scheduled basis: > > https://libertysys.com.au/imagebin/15387001474777_1538700147_1538438400.png > > On 04/10/18 15:33, Jason Leschnik wrote: > > I'm seeing quad-8 hitting the larger delay, but google.com > > <http://google.com> is 8ms from a few locations. > > > > On Thu, 4 Oct 2018 at 14:39, Ross Tsolakidis wrote: > > > > > > Thishappens often, we graph it for fun. > > (not default smokeping timers, very low impact). > > > > image.png > > > > Regards, > > Ross. > > > > > > On Thu, Oct 4, 2018 at 2:30 PM Nathan Brookfield > > wrote: > > > > We never saw it come back. > > > > Nathan Brookfield > > Chief Executive Officer > > > > Simtronic Technologies Pty Ltd > > http://www.simtronic.com.au > > > > On 4 Oct 2018, at 14:12, Tim Jackson wrote: > > > > Gone offshore again? > > > > > > > > On Wed, Oct 3, 2018 at 2:30 PM Jen Linkova wrote: > > > > I believe the latency should be back to usual values now. > > > > On Wed, Oct 3, 2018 at 1:55 PM Dave Browning wrote: > > > > All, > > > > Just to keep the list updated on this issue, Google have > > confirmed there is a wide spread problem and the > > appropriate Engineer's are on the case > > > > Cheers, > > > > Dave Browning | Senior Network Engineer > > P 1300 791 678 D 07 3708 0008 > > Level 1, 12 Railway Tce, Milton QLD 4064 > > > ___ > AusNOG mailing list > AusNOG@lists.ausnog.net > http://lists.ausnog.net/mailman/listinfo/ausnog -- SY, Jen Linkova aka Furry ___ AusNOG mailing list AusNOG@lists.ausnog.net http://lists.ausnog.net/mailman/listinfo/ausnog
Re: [AusNOG] High Latency to AS15169
I believe the latency should be back to usual values now. On Wed, Oct 3, 2018 at 1:55 PM Dave Browning wrote: > All, > > Just to keep the list updated on this issue, Google have confirmed there > is a wide spread problem and the appropriate Engineer's are on the case > > Cheers, > > Dave Browning | Senior Network Engineer > P 1300 791 678 D 07 3708 0008 > Level 1, 12 Railway Tce, Milton QLD 4064 > > -Original Message- > From: AusNOG On Behalf Of Dave Browning > Sent: Wednesday, 3 October 2018 12:53 PM > To: ausnog@lists.ausnog.net > Subject: Re: [AusNOG] High Latency to AS15169 > > Hi Jen, > > Looks like your front line aren’t aware of the issues, see response below; > > -- > Hi, > > Google does not recommend using ping time to google.com [or any other > Google service, including Google Public DNS, or 8.8.8.8] as a measure of > the actual performance of Google services for the following reasons: > > - Google services, including Google Public DNS, are not designed as ICMP > network testing services > - Many large networks, including Google, rate limit ICMP > - ICMP ping or traceroute traffic can be discarded or delayed en-route to > Google > - The termination point of the TCP/UDP session with Google may not > represent the full network path between a user and the service > - User requests may be served from locations closer to or farther from the > user than the destination of the initial TCP termination point > - Even a complete lack of response to ICMP traffic may not reflect any > sort of issue with Google service performance. > > Please do let us know if you actually getting complaints from your users > about accessing Google services. > > FYI, you may also want to read this about icmp and traceroutes to Google > https://peering.google.com/#/learn-more/faq > > > Best Regards, > > Salman Nasir Khan | Network Operations Center (AS15169) | mailto: > n...@google.com | +1-855-4664-638 > > -- > > Cheers, > > Dave Browning | Senior Network Engineer > P 1300 791 678 D 07 3708 0008 > Level 1, 12 Railway Tce, Milton QLD 4064 > > From: AusNOG On Behalf Of Jen Linkova > Sent: Wednesday, 3 October 2018 12:04 PM > To: ausnog@lists.ausnog.net > Subject: Re: [AusNOG] High Latency to AS15169 > > Just to let everyone know - the problem is being investigated right now. > > > On Wed, Oct 3, 2018 at 10:42 AM Dave Browning <mailto:d...@sentrian.com.au> > wrote: > All, > > I am seeing high latency into Google's network from both our network and > also my home network. Is everyone else seeing this? Examples are 8.8.8.8 > and 35.185.160.2 We direct peer with them. Looks as if my home ISP do too. > > Latency seems to jump at the same spot from both networks, between > 108.170.247.75 and 216.239.35.142 (both Google IPs). > Have sent NOC a message, but just be interested to see if others are > affected. > > Cheers, > > Dave Browning | Senior Network Engineer > P 1300 791 678 D 07 3708 0008 > Level 1, 12 Railway Tce, Milton QLD 4064 > ___ > AusNOG mailing list > mailto:AusNOG@lists.ausnog.net > http://lists.ausnog.net/mailman/listinfo/ausnog > > > -- > SY, Jen Linkova aka Furry > ___________ > AusNOG mailing list > AusNOG@lists.ausnog.net > http://lists.ausnog.net/mailman/listinfo/ausnog > ___ > AusNOG mailing list > AusNOG@lists.ausnog.net > http://lists.ausnog.net/mailman/listinfo/ausnog > -- SY, Jen Linkova aka Furry ___ AusNOG mailing list AusNOG@lists.ausnog.net http://lists.ausnog.net/mailman/listinfo/ausnog
Re: [AusNOG] High Latency to AS15169
Just to let everyone know - the problem is being investigated right now. On Wed, Oct 3, 2018 at 10:42 AM Dave Browning wrote: > All, > > I am seeing high latency into Google's network from both our network and > also my home network. Is everyone else seeing this? Examples are 8.8.8.8 > and 35.185.160.2 > We direct peer with them. Looks as if my home ISP do too. > > Latency seems to jump at the same spot from both networks, between > 108.170.247.75 and 216.239.35.142 (both Google IPs). > Have sent NOC a message, but just be interested to see if others are > affected. > > Cheers, > > Dave Browning | Senior Network Engineer > P 1300 791 678 D 07 3708 0008 > Level 1, 12 Railway Tce, Milton QLD 4064 > ___ > AusNOG mailing list > AusNOG@lists.ausnog.net > http://lists.ausnog.net/mailman/listinfo/ausnog > -- SY, Jen Linkova aka Furry ___ AusNOG mailing list AusNOG@lists.ausnog.net http://lists.ausnog.net/mailman/listinfo/ausnog
[AusNOG] Telstra NOC contact (IPv6 fun again)?
It looks like IPv6 connectivity to www.telstra.com.au is broken (for *some* clients) in quite amusing way...Looking for right contact to report and troubleshoot it. -- SY, Jen Linkova aka Furry ___ AusNOG mailing list AusNOG@lists.ausnog.net http://lists.ausnog.net/mailman/listinfo/ausnog
Re: [AusNOG] Provider Announcing Prefix Without Approval
On Tue, Sep 25, 2018 at 4:49 PM, Phillip Grasso wrote: > contact their upstream and peers. shut the down or get their upstreams to > filter their announcements. I'd say 'ask their upstream why they accept invalid ROA' - as the affect networks are signed... > On Mon, 24 Sep 2018 at 16:37, Daniel Watson wrote: >> >> Hi Guys >> >> I am wondering what I should do in this situation where a provider over in >> Brazil has announced my prefixes without my consent? >> >> I was alerted to this from BGPMon 13 hours ago >> >> The prefixes in question is 103.77.68.0/24 & 103.77.69.0/24, These were >> announced by AS28140 (Maxiweb Internet Provider) >> >> Cheers >> >> D >> ___ >> AusNOG mailing list >> AusNOG@lists.ausnog.net >> http://lists.ausnog.net/mailman/listinfo/ausnog > > > ___________ > AusNOG mailing list > AusNOG@lists.ausnog.net > http://lists.ausnog.net/mailman/listinfo/ausnog > -- SY, Jen Linkova aka Furry ___ AusNOG mailing list AusNOG@lists.ausnog.net http://lists.ausnog.net/mailman/listinfo/ausnog
[AusNOG] Any Skymesh IPv6 engineers on this list?
Hello, I'm looking for any Skymesh person who would care about their IPv6 deployment - it looks like smth weird is going on and I'd like to talk to them off-list. Their first like support does not seem to be very useful. Thanks! -- SY, Jen Linkova aka Furry ___ AusNOG mailing list AusNOG@lists.ausnog.net http://lists.ausnog.net/mailman/listinfo/ausnog
